Helpdesk Issue Manager 0.x - 'find.php' Multiple SQL Injections

EDB-ID:

26638




Platform:

PHP

Date:

2005-11-28


source: https://www.securityfocus.com/bid/15604/info
 
Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities.
 
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
 
Helpdesk Issue Manager 0.9 and prior versions are reportedly affected. 

http://www.example.com/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=[SQL]